CORS (How to find, identify and exploit)

neelam
Apr 12, 2021

Cross-Origin Resource Sharing (CORS) misconfigurations have never been easy to find, especially when it comes to exploiting the vulnerability.

Here, I will give some tricks to find such vulnerabilities.

Finding CORS: Always look for sensitive data in the response, such as account ID, address, phone number, email, etc., which can show business impact to the organization.

Identification: Whenever you see the Origin or Referer in any request, change it to a domain name of your choice and cross-check the Access-Control-Allow-Origin response header to see whether that domain is reflected in the response.

Always check the request method: only if the request goes through the “GET” method is it vulnerable and exploitable. If the server generates any kind of token in it, such as a CSRF or bearer token, keep in mind that “it cannot be exploited”.
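The origin reflection check described under Identification, as an added example that is not part of the original post: a server-side policy that echoes the Origin header, beside an exact-match allowlist, with a classifier for the resulting response headers. The origins, function names and allowlist are constructed for illustration.

```javascript
// Added example; origins, names and the allowlist are constructed for illustration.
const ALLOWED_ORIGINS = new Set(["https://app.example.com", "https://admin.example.com"]);

// Weak setting: echo back whatever Origin the browser sent.
function reflectingPolicy(origin) {
  if (!origin) return {};
  return { "Access-Control-Allow-Origin": origin, "Access-Control-Allow-Credentials": "true" };
}

// Corrected setting: exact-match allowlist; Vary keeps caches from mixing per-origin responses.
function allowlistPolicy(origin) {
  if (!origin || !ALLOWED_ORIGINS.has(origin)) return {};
  return {
    "Access-Control-Allow-Origin": origin,
    "Access-Control-Allow-Credentials": "true",
    "Vary": "Origin",
  };
}

// Classify response headers received for a probe Origin the site should never trust.
function classify(probeOrigin, headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v).trim();
  const acao = h["access-control-allow-origin"];
  const creds = (h["access-control-allow-credentials"] || "").toLowerCase() === "true";
  if (!acao) return "no-cors-headers";
  if (acao === "*") return creds ? "wildcard-with-credentials" : "wildcard-public";
  if (acao === probeOrigin) return creds ? "reflected-with-credentials" : "reflected";
  return "fixed-origin";
}

// Run every probe through a policy and report the finding per origin.
function audit(policy, probes) {
  return probes.map((origin) => ({ origin, finding: classify(origin, policy(origin)) }));
}

const PROBES = ["https://untrusted.example.net"]; // constructed, not on the allowlist
console.log("reflecting:", audit(reflectingPolicy, PROBES));
console.log("allowlist: ", audit(allowlistPolicy, PROBES));
```

A `reflected-with-credentials` finding for an origin that is not on the allowlist is the case to fix first, since it lets a foreign page read authenticated responses.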

Exploit: Let’s see via an example how we can exploit it.

In my bug bounty journey, I found a domain that was vulnerable to CORS and very easy to exploit.

CORS POC

This POC will give more clarification on the above-mentioned rules I have explained.

Now that we have identified the CORS vulnerability, let’s see how we can exploit it.

We just need to redirect the request to our own created domain.
